d07f75b389
roles: kubernetes: secrets: Add SUSE support
Add path for certificate location for SUSE distributions. Also make sure
the 'update-ca-certificates' command is executed on SUSE hosts as well.
6 years ago
45eac53ec7
roles: kubernetes: preinstall: Install openssl-1.1.0 on Tumbleweed
The openssl package on Tumbleweed is actually a virtual package covering
openssl-1.0.0 and openssl-1.1.0 implementations. It defaults to 1.1.0 so
when trying to install it and openssl-1.0.0 is installed, zypper fails
with conflicts. As such, lets explicitly pull the package that we need
which also updates the virtual one.
Co-authored-by: Markos Chandras <mchandras@suse.de>
6 years ago
e42203a13e
roles: kubernetes: preinstall: Add SUSE support
Add support for installing package dependencies and refreshing metadata
on SUSE distributions
Co-authored-by: Nirmoy Das <ndas@suse.de>
6 years ago
88765f62e6
Updating order
https://kubernetes.io/docs/admin/admission-controllers/#is-there-a-recommended-set-of-admission-controllers-to-use
6 years ago
0f35e17e23
Fix new envvar for setting openstack_tenant_id ( #2641 )
Changed from OS_PROJECT_ID to OS_PROJECT_NAME.
6 years ago
77b3f9bb97
Removing default for volume-plugins mountpoint ( #2618 )
All checks test if this is defined meaning there is no way to undefine it.
6 years ago
45f15bf753
Revert "Fix new envvar for setting openstack_tenant_id" ( #2640 )
6 years ago
0c0f6b755d
Fix new envvar for setting openstack_tenant_id
Changed from OS_PROJECT_ID to OS_PROJECT_NAME.
6 years ago
4c12b273ac
Enabling MutatingAdmissionWebhook for Istio Automatic sidecar injection
https://istio.io/docs/setup/kubernetes/sidecar-injection.html#automatic-sidecar-injection
6 years ago
b68854f79d
fix kubectl download location and kubectl.sh helper owner/group remove
6 years ago
f954bc0a5a
Remove jinja2 dependency of do
While `do` looks cleaner, forcing this extra option in ansible.cfg
seems to be more invasive. It would be better to keep the traditional
approach of `set dummy = ` instead.
6 years ago
dfc46f02d7
Adding missing service-account certificate for vault
Missed in #2554
6 years ago
ca40d51bc6
Fix typos (no logic changes)
6 years ago
973e7372b4
content: |
6 years ago
b54e091886
Persist ip_vs modules
6 years ago
76bb5f8d75
check if dedicated service account token signing key exists
6 years ago
3004791c64
Add pre-upgrade task for moving credentials file ( #2394 )
* Add pre-upgrade task for moving credentials file
This reverts commit 7ef9f4dfdd
6 years ago
5fe144aa0f
ingress-nginx: container download related things should defined in the download role
6 years ago
195d6d791a
Integrate jetstack/cert-manager 0.2.3 to Kubespray
6 years ago
aa301c31d1
Move credential checks into proper folder
6 years ago
15efdf0c16
Move credential checks
6 years ago
ab8760cc83
Move credentials pre-check
6 years ago
b6da596ec1
Move default configuration parameters for cloud-config
6 years ago
3c12c6beb3
Move cloud config configurations to proper location
6 years ago
8ece922ef0
node_labels documentation + kube-ingress label handling as role_node_label
6 years ago
572ab650db
copy dedicated service account token signing key for kubeadm migration
6 years ago
72c2a8982b
Fix kubecert_node.results indexes
6 years ago
03bcfa7ff5
Stop templating kube-system namespace and creating it ( #2545 )
Kubernetes makes this namespace automatically, so there is
no need for kubespray to manage it.
6 years ago
af5f376163
Revert
6 years ago
004b0a3fcf
Fix merge conflict
6 years ago
4d85e3765e
remove redundancy code
6 years ago
daeeae1a91
Added retries in pre-upgrade.yml and retries while applying kube-dns.yml ( #2553 )
* Added retries in pre-upgrade.yml and retries while applying kube-dns.yml
* Removed trailing spaces
6 years ago
c8f857eae4
configure kubespray to sign service account tokens with a dedicated and stable key
6 years ago
9ebbf1c3cd
Added a fix in openssl.conf template to check if IP of loadbalncer is available or not.
6 years ago
0b5404b2b7
Fix
6 years ago
0df32b03ca
Update openssl.conf to count better and work with Jinja 2.9
6 years ago
72a4223884
Write cloud-config during kubelet configuration
This file should only be updated during kubelet upgrade so that
master components are not accidentally restarted first during
preinstall stage.
6 years ago
e375678674
Set exact user for Kubelet services
6 years ago
1d0415a6cf
fixes typo in kube_override_hostname for kubeadm
6 years ago
9fa995ac9d
only sets nodeName in kubeadm-config when kube_override_hostname is set
6 years ago
8b71ef8ceb
Labels from role (node-role.k8s.io/node) and labels from inventory are merged into node-labels parameter in kubelet
6 years ago
ee8f678010
Addition of the .creds extension to the credentials files generated by password lookup in order for Ansible not to consider them as inventory files with inventory_ignore_extensions set accordingly ( #2446 )
6 years ago
13e47e73c8
Update kubeadm-config.yaml.j2
As requested
6 years ago
6c4e5e0e3d
Update kubeadm-config.yaml.j2
6 years ago
d2fd7b7462
Update kube-apiserver.manifest.j2
6 years ago
d9453f323b
Update kube-apiserver.manifest.j2
6 years ago
b787b76c6c
Update kube-apiserver.manifest.j2
Ensure that kube-apiserver will respond even if one of the nodes are down.
6 years ago
a94a407a43
Fix duplicate --proxy-client-cert-file and --proxy-client-key-file
6 years ago
b9a949820a
Only copy tokens if tokens_list contains any
6 years ago
1481f7d64b
Dedicated node for ingress nginx controller
The ability to create dedicated node for ingress nginx controller
host type network for nginx controller
and add from example https://github.com/kubernetes/ingress-nginx/blob/master/docs/examples/static-ip/nginx-ingress-controller.yaml
terminationGracePeriodSeconds: 60
6 years ago
Markos Chandras
Nirmoy Das
Marcelo Grebois
Robin Skahjem-Eriksen
Brad Beam
Matthew Mosesohn
Atoms
Matthew Mosesohn
Brad Beam
Daniel Hoherd
Chen Hong
georgejdli
Wong Hoi Sing Edison
avoidik
Erwan Miran
Andreas Kruger
Kuldip Madnani
Dann Bohn
mirwan
Bharat Kunwar
Sergey Bondarev